Lucene search

K
freebsdFreeBSD06A6B2CF-484B-11D9-813C-00065BE4B5B6
HistoryJan 15, 2004 - 12:00 a.m.

mysql -- ALTER MERGE denial of service vulnerability

2004-01-1500:00:00
vuxml.freebsd.org
8

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

71.1%

Dean Ellis reported a denial of service vulnerability in the MySQL
server:

Multiple threads ALTERing the same (or different) MERGE tables to
change the UNION eventually crash the server or hang the individual
threads.

Note that a script demonstrating the problem is included in the
MySQL bug report. Attackers that have control of a MySQL account can
easily use a modified version of that script during an attack.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmysql-server<= 3.23.58_3UNKNOWN

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

71.1%